{"vulnerability": "CVE-2021-4064", "sightings": [{"uuid": "011c41f9-3444-4dc7-a5f5-d53392b57fe8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40648", "type": "seen", "source": "https://t.me/cibsecurity/49560", "content": "\u203c CVE-2021-40648 \u203c\n\nIn man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-09T22:32:40.000000Z"}, {"uuid": "63b10fd8-9002-4f68-9eb8-09e22fcfbfb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40647", "type": "seen", "source": "https://t.me/cibsecurity/49559", "content": "\u203c CVE-2021-40647 \u203c\n\nIn man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the programs memory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-09T22:32:38.000000Z"}, {"uuid": "e465a039-5f5e-4ff0-b29a-ecc7dc319d34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40643", "type": "seen", "source": "https://t.me/cibsecurity/45400", "content": "\u203c CVE-2021-40643 \u203c\n\nEyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the \"sendmail\" application in the \"cacti\" configuration page (by default/usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration (\"send test mail\").\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T14:38:26.000000Z"}, {"uuid": "22c2ef20-ded6-4da8-b7e5-dc9a3fef9ca3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40642", "type": "seen", "source": "https://t.me/cibsecurity/45354", "content": "\u203c CVE-2021-40642 \u203c\n\nTextpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-29T14:37:21.000000Z"}, {"uuid": "3cd19d6b-2658-4aba-b8cf-88c2bd5840c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40649", "type": "seen", "source": "https://t.me/cibsecurity/44391", "content": "\u203c CVE-2021-40649 \u203c\n\nIn Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T14:23:41.000000Z"}, {"uuid": "ca585409-4347-4adc-8cab-6eeefee005c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40644", "type": "seen", "source": "https://t.me/cibsecurity/39875", "content": "\u203c CVE-2021-40644 \u203c\n\nAn SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-mapper.xml.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-31T00:17:39.000000Z"}, {"uuid": "fa45e781-bcc6-45f6-84b2-fa2523a035ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40645", "type": "seen", "source": "https://t.me/cibsecurity/39874", "content": "\u203c CVE-2021-40645 \u203c\n\nAn SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-31T00:17:38.000000Z"}]}